ZyXEL Communications ADSL2+4 Benutzerhandbuch

P-660H-T1v3s User’s Guide

This chapter shows you how to enable the P-660H-T1v3s firewall. Use the firewall 
to protect your P-660H-T1v3s and network from attacks by hackers on the 
Internet and control access to it. By default the firewall:

• allows traffic that originates from your LAN computers to go to all other 

networks. 

• blocks traffic that originates on other networks from going to the LAN.
• blocks SYN and port scanner attacks.

By default, the P-660H-T1v3s blocks DDOS, LAND and Ping of Death attacks 
whether the firewall is enabled or disabled.

Use the Firewall screen (

) to enable firewall and/or SPI 

on the P-660H-T1v3s.

The following terms and concepts may help as you read this chapter.

A SYN attack floods a targeted system with a series of SYN packets. Each packet 
causes the targeted system to issue a SYN-ACK response. While the targeted 
system waits for the ACK that follows the SYN-ACK, it queues up all outstanding 
SYN-ACK responses on a backlog queue. SYN-ACKs are moved off the queue only 
when an ACK comes back or when an internal timer terminates the three-way 
handshake. Once the queue is full, the system will ignore all incoming SYN 
requests, making the system unavailable for legitimate users.